The present invention generally relates to software development, and particularly relates to maintaining code integrity in a central software development system.
Free source code such as open-source code is made generally available under a license permitting licensees to study, modify, and improve the source code and to redistribute the source code in modified or unmodified form. Original source code and various modified versions thereof are conventionally maintained by a central software development system for open distribution to licensed entities. A licensee downloads desired source code from the central system to the licensee's system for modification. Once modified, the licensee may remotely compile the modified source code into program code (software) or upload the modified code to the central system for compilation. If the modified source code is uploaded to the central system, the system indexes the modified code by version number so that the newly modified code can be easily located and retrieved by other licensees.
Program code created from free source code may be code that is ready for immediate execution (i.e., executable code) or code that requires a final compilation step before the code can be executed (i.e., bytecode). Executable program code is created by compiling the free source code into object code and linking the object code into executable code. Bytecode is created by compiling the free source code into intermediate code which requires further compilation or interpretation before it may be executed.
When a source licensee remotely creates program code from modified free source code, the licensee controls distribution of the program code. As such, the remotely created program code may be signed or otherwise authenticated much the same way proprietary code is authenticated. For example, the code may be signed using a private encryption key uniquely associated with the licensee who generated the program code. A device such as a mobile phone that receives the program code directly from the licensee or other trusted source can verify the authenticity of the code before downloading or executing it. For example, if the signature associated with the code is not trusted or cannot be verified, the phone will not install the software.
Program code generated by a central software development system is not conventionally signed by the licensee that modified the underlying free source code. Thus, program code created by a central system conventionally has no indication of authenticity. Further, the very nature of open software development lends itself to the increased likelihood that program code is created from erroneous, malicious or virulent source code since the source code is made available to many entities. Program code created from tainted free source code cannot be trusted. Devices that execute untrustworthy program code are more susceptible to unpredictable behavior and viruses or other types of malicious code attacks than are devices that execute trusted code.
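The install check described in the two preceding paragraphs, sketched in Go as an added illustration that is not part of the original text: a licensee signs program code, and a device refuses code that is unsigned, signed by a licensee it does not trust, or altered after signing. Ed25519, the `Package` layout, the function names and the sample values are assumptions made for this example; the text names no algorithm or format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Package is program code as delivered to a device (hypothetical layout).
type Package struct {
	Code, Signature []byte
	SignerID        string // claimed licensee; empty when the code is unsigned
}

var ErrUnsigned = errors.New("no signature: origin cannot be established")
var ErrUntrusted = errors.New("signer is not in the device trust store")
var ErrBadSig = errors.New("signature does not verify over this code")

// Sign is the licensee side: sign the program code with the licensee's private key.
func Sign(id string, priv ed25519.PrivateKey, code []byte) Package {
	return Package{Code: code, Signature: ed25519.Sign(priv, code), SignerID: id}
}

// CheckInstall is the device side: nil means the code may be installed.
func CheckInstall(trusted map[string]ed25519.PublicKey, p Package) error {
	pub, known := trusted[p.SignerID]
	switch {
	case p.SignerID == "" || len(p.Signature) == 0:
		return ErrUnsigned
	case !known:
		return ErrUntrusted
	case !ed25519.Verify(pub, p.Code, p.Signature):
		return ErrBadSig
	}
	return nil
}

// RunCases returns the device's decision for four constructed sample packages.
func RunCases() []error {
	pubA, privA, _ := ed25519.GenerateKey(rand.Reader)
	trusted := map[string]ed25519.PublicKey{"licensee-a": pubA}
	code := []byte("constructed program code v1")
	tampered := Sign("licensee-a", privA, code)
	tampered.Code = []byte("constructed program code v1 + later change")
	return []error{
		CheckInstall(trusted, Sign("licensee-a", privA, code)),                        // accepted
		CheckInstall(trusted, Package{Code: code}),                                    // centrally built, unsigned
		CheckInstall(map[string]ed25519.PublicKey{}, Sign("licensee-a", privA, code)), // device does not trust signer
		CheckInstall(trusted, tampered),                                               // modified after signing
	}
}
func main() { fmt.Println(RunCases()) }
```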
Widespread adoption of the open software development model has increased exposure to inauthentic and untrustworthy code. In some software distribution environments, software developers are provided unfettered access to devices so that software contained in the devices may be readily updated. While this may be advantageous for certain types of software such as application software, unfettered device access poses security risks for other types of software code. For example, in a mobile phone, unrestricted access to the phone's modem telecommunication protocols or boot code may seriously compromise phone security.